US orders federal agencies to update or remove some VMware products – Security | #government | #hacking | #cyberattack


The US cyber security and infrastructure agency (CISA) has ordered federal officials to update or remove some products made by VMware, saying hackers were actively using vulnerable versions of the products to break into targeted organisations.

In an advisory, CISA said that attackers had managed to reverse-engineer recent updates for VMware products and were now using the knowledge to target old versions and hack into unpatched devices.

The affected products include VMware Workspace ONE Access, which is meant to provide one-stop access to various digital services, and VMware vRealize Automation, which helps manage and automate complex IT processes.

CISA said that any unpatched VMware devices still accessible from the internet should be assumed to be compromised.

VMware, which spun off from Dell Technologies last year, did not immediately return a message seeking comment.

CISA Director Jen Easterly said in a statement that the vulnerabilities in old versions of the VMware products posed “an unacceptable risk to federal network security.”

“We also strongly urge every organisation – large and small – to follow the federal government’s lead and take similar steps to safeguard their networks,” she said.



Original Source link

Leave a Reply

Your email address will not be published.

sixty eight + = 74